Marek Hulan <mhulan@redhat.com> reports:
Hello,
today it was discovered a community member (Daniel Lobato) that users can
manage hosts via API even when they shouldn't have access to them (works right
in UI). The app/controllers/api/v1/hosts_controller.rb does not honor user
privileges at all.